This website uses a variety of cookies, which you consent to if you continue to use this site. You can read our privacy policy for details about how these cookies are used, and to grant or withdraw your consent for certain types of cookies. Consent and dismiss this banner by clicking agree.

Internet of Medical Things Security Gaps Threaten Health IT

Internet of Medical Things security is a rising concern that most healthcare organizations are not taking seriously according to a survey.

July 20, 2017 - Organizations are rapidly adopting mobile devices, which requires them to consider Internet of Medical Things (IoMT) security and what steps need to be taken to secure the devices.

Most IoMT devices, such as wearables and monitors, don’t appear to be high risk because they don’t function the same way as other mobile devices (i.e. laptops and smartphones). Many IoMT devices send signals to the network and don’t contain displays or interfaces that can be used to navigate the network.

However, these devices can be hacked and cyberattackers can use them to gain access to the network, putting patient data at risk.

Dig Deeper

A recent ZingBox survey revealed that over 90 percent of healthcare networks support IoMT devices and over 70 percent believe that traditional security solutions are sufficient enough to secure the IoMT devices.

"The survey results demonstrate the current state of confusion and misconceptions abound in the healthcare industry on how best to secure connected medical devices,” ZingBox CEO and Co-Founder Xu Zou said in a statement. “The need to gain a deeper understanding of the unique individual personalities of IoT devices remains a foreign concept to many. Unfortunately, you need to understand the device personalities to gain accurate visibility and protection."

"IoT technology presents special challenges to a healthcare organization's ability to protect itself from both insider threats as well as external cyber-attacks across a wide range of attack vectors, as demonstrated by the most recent WannaCry ransomware and NotPetya wiperware attacks,” Zou continued. “As these attacks continue to step to the forefront, companies deploying IoT devices need to be more cognizant than ever of their security measures."

The survey revealed that 76 percent of IT decision-makers are confident that all of the devices connected to the network are secure against outside attacks. Many of these entities are using the same security measures for laptops. Organizations believe that they can detect irregular network traffic down to malfunctioning infusion pumps sending the wrong signals.

"The results of the survey were sobering in terms of the risks the healthcare community faces," said May Wang, CTO and Co-Founder of ZingBox. "This is a tremendous opportunity to raise awareness of healthcare organizations regarding their perception of security and their need to consider modern techniques such as cloud, machine learning and real-time remediation across an organization's entire IoT footprint.”

“IoT requires a more thorough approach to constantly monitor for deviations in behavior and provide alerts for suspicious behavior."

SIEM presents event data in a single view from security devices, network infrastructure, systems and applications, as well as log data and network packets. The event data is combined with context information on the user and network vulnerabilities.

Software-defined networking (SDN) is another way to gain more control over the network. SDN strips away the complexities of wireless hardware by consolidating management functions into a management server that dictates how data moves through the network. This allows IT administrators to retain more control over their networks and respond to demands on their networks more quickly.

Gaining better visibility of the network is important when it comes to IoMT devices. Many IoMT devices simply chat with the network by sending signals that will change if a patient’s status becomes life threatening or needs attention. The better visibility and control an organization has over its network, the faster it will be able to react to cyberattacks and detect potential threats.